How to deploy Infrahub in production
This guide walks you through deploying Infrahub in a production environment with enhanced security, reliability, and maintainability. By following these steps, you'll set up a production-ready Infrahub instance that follows industry best practices.
This page is currently under development. Please use it as a reference checklist when preparing your Infrahub environment for production deployment.
Prerequisites
Before beginning your production deployment, ensure you have:
- Selected your deployment technology (Docker or Kubernetes)
- Verified your system meets the hardware requirements
- Administrative access to your deployment environment
- Decided between Community or Enterprise edition based on your support and feature needs
- Access to your organization's identity provider (for SSO configuration)
- A backup strategy and storage location
Step 1: Create a hardened configuration file
Production environments require secure configuration settings that differ from development defaults. Create a configuration file that overwrites default values to enhance security.
# Environment settings
INFRAHUB_ALLOW_ANONYMOUS_ACCESS=false
INFRAHUB_PRODUCTION=true
INFRAHUB_LOG_LEVEL=INFO
# Security keys & tokens (generate strong unique values)
INFRAHUB_SECURITY_SECRET_KEY=<strong-random-string-at-least-32-chars>
INFRAHUB_INITIAL_ADMIN_PASSWORD=<strong-admin-password>
INFRAHUB_INITIAL_ADMIN_TOKEN=<generate-uuid> # Generate with: uuidgen
INFRAHUB_INITIAL_AGENT_TOKEN=<generate-uuid> # Generate with: uuidgen
# Database & message broker security
INFRAHUB_BROKER_PASSWORD=<strong-broker-password>
INFRAHUB_DB_PASSWORD=<strong-database-password>
Never use default passwords or tokens in production. Generate strong unique values for each environment. You can generate UUIDs using the uuidgen command or an online UUID generator.
Step 2: Install Infrahub
Install Infrahub using your chosen deployment technology, applying your hardened configuration.
For high availability deployments on Kubernetes, use the HA manifest which includes proper replication and resource requests/limits.
Navigate to https://your-server-address in your browser. You should see the Infrahub login page.
Step 3: Configure SSO (recommended)
Connect Infrahub to your organization's identity provider to enhance security and simplify user management.
Detailed SSO configuration guide./ssoStep 4: Set up database backups
Implement regular database backups to prevent data loss in case of hardware failure or other issues.
Complete backup and restore guide./database-backupTest your backup and restore process periodically to ensure it works as expected.
Step 5: Configure monitoring
Set up monitoring to track the health and performance of your Infrahub deployment.
Using the built-in monitoring stack
Infrahub provides a pre-configured monitoring stack with Prometheus and Grafana:
- Download the monitoring configuration:
curl -O https://raw.githubusercontent.com/opsmill/infrahub/stable/development/docker-compose-observability.yml
- Start the monitoring services:
docker-compose -f docker-compose.yml -f docker-compose-observability.yml up -d
- Access Grafana at
http://your-server-address:3000with the default credentials (admin/admin)
Integrating with existing monitoring systems
If you have an existing monitoring system, configure it to track:
- API endpoints health (
/healthand/readiness) - Database metrics
- Message broker metrics
- Resource utilization (CPU, memory, disk)
Set up alerts for critical metrics like API availability, database connection issues, and high resource utilization.
Operations and maintenance
Upgrading Infrahub
To upgrade to a new version of Infrahub:
- Review the release notes for breaking changes
- Create a full backup of your database
- Update the container images
Always create a backup before upgrading to ensure you can restore if needed.
Support options
Community support
- GitHub Issues: github.com/opsmill/infrahub
- Discord Community: discord.gg/infrahub
- Documentation: docs.infrahub.app
Enterprise supportEnterprise Edition
- 24/7 support with SLA guarantees
- Dedicated support engineer
- Professional services for deployment
- Training and certification programs
Contact [email protected] for enterprise support.